"CVE-2026-2348: Kritische XSS-Lücke im Drupal Modul 'QuickEdit'"

Project: Quick EditDate: 2026-February-11Security risk: Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross-site ScriptingAffected versions: <1.0.5 || >=2.0.0 <2.0.1CVE IDs: CVE-2026-2348Description: This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to create or edit an affected field.Solution: Install the latest version: If you use the QuickEdit module for Drupal 9, upgrade to 2.0.1 or 1.0.5 Reported By: Drew Webber (mcdruid) of the Drupal Security Team Fixed By: Derek Wright (dww) Vladimir Roudakov (vladimiraus) Coordinated By: Greg Knaddison (greggles) of the Drupal Security Team Drew Webber (mcdruid) of the Drupal Security Team

Tech Blog

"CVE-2026-2348: Kritische XSS-Lücke im Drupal Modul 'QuickEdit'"

Zusammenfassung